Harvo

My HJT log. Can you please have a look?


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:25: VIRUS ALERT!, on 08/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\KService\KService.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Tesco\Picture Suite\InsDetect.exe

C:\WINDOWS\kdx\KHost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7902FDEB-6AD7-4E5B-B202-70531297E3D0} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - {0CAA216D-B1AF-4C4A-8EDC-FB2D822570CB} - (no file)

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [\VIE1A.exe] C:\Windows\System32\VIE1A.exe

O4 - HKLM\..\Run: [\VIE1B.exe] C:\Windows\System32\VIE1B.exe

O4 - HKLM\..\Run: [\VIE1C.exe] C:\Windows\System32\VIE1C.exe

O4 - HKLM\..\Run: [\VIE1D.exe] C:\Windows\System32\VIE1D.exe

O4 - HKLM\..\Run: [\VIE43.exe] C:\Windows\System32\VIE43.exe

O4 - HKLM\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe

O4 - HKLM\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe

O4 - HKLM\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe

O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe

O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe

O4 - HKLM\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe

O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [\VIE1A.exe] C:\Windows\System32\VIE1A.exe

O4 - HKCU\..\Run: [\VIE1B.exe] C:\Windows\System32\VIE1B.exe

O4 - HKCU\..\Run: [\VIE1C.exe] C:\Windows\System32\VIE1C.exe

O4 - HKCU\..\Run: [\VIE1D.exe] C:\Windows\System32\VIE1D.exe

O4 - HKCU\..\Run: [\VIE43.exe] C:\Windows\System32\VIE43.exe

O4 - HKCU\..\Run: [\VIE1.exe] C:\Windows\System32\VIE1.exe

O4 - HKCU\..\Run: [\VIE2.exe] C:\Windows\System32\VIE2.exe

O4 - HKCU\..\Run: [\VIE3.exe] C:\Windows\System32\VIE3.exe

O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe

O4 - HKCU\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe

O4 - HKCU\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ddcAsPij - ddcAsPij.dll (file missing)

O21 - SSODL: xrdwbfgn - {576D4804-D882-4576-B3C4-DA3CDD8A0F23} - (no file)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 14438 bytes
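A triage pass over a log like the one above, added here as an example and not code from HijackThis, ComboFix or either poster. It parses the O2/O3/O4/O6/O20/O21 line shapes that HijackThis writes and flags the things a helper typically asks about first: registrations whose file is gone ("(no file)" / "(file missing)"), Run values whose name begins with a backslash, a present IE Restrictions policy, and families of sequentially numbered executables under System32. The sample input is a dozen lines copied from the posted log; the indicator names and the "three or more numbered siblings" threshold are this example's own assumptions, not anything HijackThis itself reports.

```python
"""Triage a HijackThis (HJT) log for common hijack indicators.

Added example for this thread, not code from HijackThis, ComboFix or the
posters. It understands the O2/O3/O4/O6/O20/O21 line shapes that appear in
the log above; the indicator names and the "three or more siblings"
threshold are this example's own assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: a dozen lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7902FDEB-6AD7-4E5B-B202-70531297E3D0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0CAA216D-B1AF-4C4A-8EDC-FB2D822570CB} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [\VIE1A.exe] C:\Windows\System32\VIE1A.exe
O4 - HKLM\..\Run: [\VIE1B.exe] C:\Windows\System32\VIE1B.exe
O4 - HKCU\..\Run: [\VIE1A.exe] C:\Windows\System32\VIE1A.exe
O4 - HKCU\..\Run: [\VIE43.exe] C:\Windows\System32\VIE43.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcAsPij - ddcAsPij.dll (file missing)
O21 - SSODL: xrdwbfgn - {576D4804-D882-4576-B3C4-DA3CDD8A0F23} - (no file)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section tag, e.g. "O4"
    reason: str   # short indicator name (this example's own vocabulary)
    line: str     # the log line that triggered it


# "O4 - <body>" / "R1 - <body>": every HJT entry starts with a section tag.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command>", hive is HKLM, HKCU or HKUS\<SID>.
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Executables named <letters><digits>[letter].exe directly under System32, e.g. VIE1A.exe.
NUMBERED_EXE_RE = re.compile(
    r"\\system32\\(?P<file>(?P<stem>[A-Za-z]+)\d+[A-Za-z]?\.exe)\b", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")
MIN_FAMILY = 3  # assumption: this many numbered siblings make a "family"


def parse_run_entry(body):
    """Split an O4 Run body into hive / value name / command, or None."""
    m = RUN_RE.match(body)
    return m.groupdict() if m else None


def triage(log_text):
    """Return the list of Findings for an HJT log given as one string."""
    findings = []
    families = defaultdict(set)    # stem -> distinct numbered basenames seen
    family_lines = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank line: not an entry
        section, body = m.group("section"), m.group("body")
        # BHOs, toolbars, Winlogon Notify and SSODL entries whose DLL is gone.
        if section in ("O2", "O3", "O20", "O21") and body.endswith(ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned registration", line))
        if section == "O6":
            findings.append(Finding(section, "ie restrictions policy present", line))
        if section == "O4":
            entry = parse_run_entry(body)
            if entry is None:
                continue  # "Global Startup" .lnk lines have a different shape
            if entry["name"].startswith("\\"):
                findings.append(Finding(section, "run value name starts with backslash", line))
            nm = NUMBERED_EXE_RE.search(entry["cmd"])
            if nm:
                stem = nm.group("stem").lower()
                families[stem].add(nm.group("file").lower())
                family_lines[stem].append(line)
    # A legit vendor tool is usually one numbered exe; a run of siblings is not.
    for stem, names in families.items():
        if len(names) >= MIN_FAMILY:
            for line in family_lines[stem]:
                findings.append(Finding(
                    "O4", f"numbered executable family '{stem}*' in System32", line))
    return findings


def summarize(findings):
    """Count findings per indicator name."""
    counts = defaultdict(int)
    for f in findings:
        counts[f.reason] += 1
    return dict(counts)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:4} {f.reason:50} {f.line}")
    print(summarize(found))
```

On the sample above this reports the four dead registrations (O2, O3, O20, O21), the O6 policy, and the VIE entries twice over: once because their value names start with a backslash, once because three distinct VIE<n>.exe names sit in System32. The HKUS CTFMON.EXE line and the Java updater are left alone, which is the point of keeping the checks narrow.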


Welcome to PCPitStop, please be aware that all advice given is taken at your own risk.

Sorry for the wait, the logs are many, and the volunteers are few.

When you reply, please use the "Add Reply" button, not the Quote or New Topic buttons.

 

I suggest you keep this computer offline except when troubleshooting; the junk may download more. If you have any tool I use, delete it and download it fresh from the link I provide. Read and follow the directions carefully; the tools will not work unless you do. The junk can be tough to remove, so do not expect it to be fast or easy.

 

If you still want help, follow these directions:

 

1) C:\Program Files\ewido anti-spyware 4.0\ <<< ewido has been obsolete for a long while; uninstall it in Add/Remove Programs.

 

2) We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode.

* If it is not already set to this, go to the Mode menu and select "Advanced Mode"

* On the left hand side, Click on Tools

* Then click on the Resident Icon in the List

* Uncheck "Resident TeaTimer" and OK any prompts.

* Restart your computer.

(leave TT disabled until we finish)

 

3) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

 

Tutorial

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Remove any old copies of combofix before you proceed.

 

Thanks to sUBs and anyone else who helped with this fix.

 

It is important that it is saved directly to your Desktop.

 

Download ComboFix from Here to your Desktop

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not click ComboFix's window while it's running. That may cause it to stall.

 

Post the combofix log and a new HJT log.

 

Thanks


Hi and thanks for helping me out with this.

 

I can't delete the ewido anti spyware program because I get a message that says 'access denied.'

 

My combofix notepad:

 

ComboFix 08-09-05.14 - HP_Owner 2008-09-10 19:36:42.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.137 [GMT 1:00]

Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\cnsfhont.ini

C:\WINDOWS\system32\JQrCLkkj.ini

C:\WINDOWS\system32\JQrCLkkj.ini2

C:\WINDOWS\system32\mcrh.tmp

D:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))

.

 

2008-10-18 18:31 . 2008-09-05 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop

2008-09-07 23:56 . 2008-09-07 23:56 <DIR> d-------- C:\Program Files\Trend Micro

2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com

2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-09-07 21:35 . 2008-09-07 21:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-09-06 18:58 . 2008-09-07 23:44 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-09-06 16:55 . 2008-09-10 19:46 8,917 --a------ C:\WINDOWS\system32\Config.MPF

2008-09-06 16:54 . 2008-09-06 16:54 <DIR> d-------- C:\Program Files\SiteAdvisor

2008-09-06 16:54 . 2008-09-06 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2008-09-06 16:50 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2008-09-06 16:50 . 2008-06-27 06:08 79,240 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-09-06 16:50 . 2008-06-27 06:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2008-09-06 16:50 . 2008-06-27 06:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-09-06 16:49 . 2008-09-06 16:50 <DIR> d-------- C:\Program Files\Common Files\McAfee

2008-09-06 16:48 . 2008-09-06 16:49 <DIR> d-------- C:\Program Files\McAfee.com

2008-09-06 16:48 . 2008-09-07 22:18 <DIR> d-------- C:\Program Files\McAfee

2008-09-06 16:47 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2008-09-06 15:50 . 2008-09-06 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-09-06 12:01 . 2008-09-06 12:11 <DIR> d-------- C:\Program Files\RegCure

2008-09-05 18:01 . 2008-09-06 16:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center

2008-09-05 00:07 . 2008-09-05 00:07 <DIR> d-------- C:\Program Files\Windows Defender

2008-09-04 22:47 . 2008-09-06 11:55 <DIR> d-------- C:\Program Files\MSA

2008-08-24 20:24 . 2008-08-24 20:24 <DIR> d-------- C:\Program Files\TomTom HOME 2

2008-08-24 20:24 . 2008-08-24 20:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\TomTom

2008-08-23 21:28 . 2008-08-23 21:28 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-08-23 21:28 . 2008-08-23 21:28 <DIR> d-------- C:\WINDOWS\l2schemas

2008-08-23 21:26 . 2008-08-23 21:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-23 21:18 . 2008-08-23 21:18 <DIR> d-------- C:\WINDOWS\EHome

2008-08-23 08:47 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2008-08-13 18:58 . 2008-08-13 18:58 <DIR> d-------- C:\Program Files\Sun

2008-08-13 18:29 . 2008-04-11 20:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-08 21:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-09-08 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-09-07 22:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-09-06 19:20 --------- d-----w C:\Program Files\PCPitstop

2008-09-06 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-23 22:55 --------- d-----w C:\Program Files\MSN Messenger

2008-08-13 17:58 --------- d-----w C:\Program Files\Java

2008-08-02 19:55 --------- d-----w C:\Program Files\Sports Interactive

2006-01-03 18:31 478 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856]

"Tesco Insert Detect"="C:\Program Files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]

"kdx"="C:\WINDOWS\kdx\KHost.exe" [2007-05-11 2236416]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]

"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 180269]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-13 339968]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 90112]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 663552]

"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]

"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 143360]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]

"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-04-07 C:\WINDOWS\SOUNDMAN.EXE]

"AlcWzrd"="ALCWZRD.EXE" [2005-04-07 C:\WINDOWS\ALCWZRD.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\kdx\\KHost.exe"=

"C:\\Program Files\\KService\\KService.exe"=

"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

 

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-08-18 211232]

S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [ ]

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{7902FDEB-6AD7-4E5B-B202-70531297E3D0} - (no file)

Toolbar-{0CAA216D-B1AF-4C4A-8EDC-FB2D822570CB} - (no file)

HKCU-Run-\VIE1A.exe - C:\Windows\System32\VIE1A.exe

HKCU-Run-\VIE1B.exe - C:\Windows\System32\VIE1B.exe

HKCU-Run-\VIE1C.exe - C:\Windows\System32\VIE1C.exe

HKCU-Run-\VIE1D.exe - C:\Windows\System32\VIE1D.exe

HKCU-Run-\VIE43.exe - C:\Windows\System32\VIE43.exe

HKCU-Run-\VIE1.exe - C:\Windows\System32\VIE1.exe

HKCU-Run-\VIE2.exe - C:\Windows\System32\VIE2.exe

HKCU-Run-\VIE3.exe - C:\Windows\System32\VIE3.exe

HKCU-Run-\VIE4.exe - C:\Windows\System32\VIE4.exe

HKCU-Run-\VIE6.exe - C:\Windows\System32\VIE6.exe

HKCU-Run-\VIE9.exe - C:\Windows\System32\VIE9.exe

HKLM-Run-\VIE1A.exe - C:\Windows\System32\VIE1A.exe

HKLM-Run-\VIE1B.exe - C:\Windows\System32\VIE1B.exe

HKLM-Run-\VIE1C.exe - C:\Windows\System32\VIE1C.exe

HKLM-Run-\VIE1D.exe - C:\Windows\System32\VIE1D.exe

HKLM-Run-\VIE43.exe - C:\Windows\System32\VIE43.exe

HKLM-Run-\VIE1.exe - C:\Windows\System32\VIE1.exe

HKLM-Run-\VIE2.exe - C:\Windows\System32\VIE2.exe

HKLM-Run-\VIE3.exe - C:\Windows\System32\VIE3.exe

HKLM-Run-\VIE4.exe - C:\Windows\System32\VIE4.exe

HKLM-Run-\VIE6.exe - C:\Windows\System32\VIE6.exe

HKLM-Run-\VIE9.exe - C:\Windows\System32\VIE9.exe

HKLM-Run-PC Pitstop Optimize Reminder - C:\Program Files\PCPitstop\Optimize2\Reminder.exe

Notify-ddcAsPij - ddcAsPij.dll

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop

R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 -: Open Picture in &Microsoft PhotoDraw - C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm

O18 -: Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-10 19:45:05

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\KService\KService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe

.

**************************************************************************

.

Completion time: 2008-09-10 19:51:19 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-10 18:51:08

 

Pre-Run: 169,772,666,880 bytes free

Post-Run: 169,876,733,952 bytes free

 

209 --- E O F --- 2008-09-10 17:52:27

 

 

My HJT Log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:53, on 10/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\KService\KService.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Tesco\Picture Suite\InsDetect.exe

C:\WINDOWS\kdx\KHost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe

O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 11695 bytes

 

 

Thanks again.


I can't delete the ewido anti spyware program because I get a message that says 'access denied.'

1) C:\Program Files\ewido anti-spyware 4.0\ <<< ewido has been obsolete for a long while, uninstall it in Add Remove programs.

That says to UNINSTALL in ADD REMOVE PROGRAMS; it says nothing about DELETE.

Having used ewido quite a bit myself when it was available, I know it has an uninstaller?

 

Read and follow the directions in the posted order:

 

1) Disable the Service

Click Start > Run and type services.msc

Scroll down to ewido anti-spyware 4.0 guard and right click on it.

Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

 

2) Please download ATF Cleaner by Atribune

http://www.atribune.org/public-beta/ATF-Cleaner.exe

Save it to your Desktop. We will use this later.

 

3) Open Notepad and copy/paste the text in the code box below into it:

 

Folder::
C:\Program Files\ewido anti-spyware 4.0

Save this as CFScript

 

Posted Image

 

Referring to the picture above, drag CFScript into ComboFix.exe.

 

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (Wait until you have finished all the steps before posting the logs.)

 

4) Run ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Click Select All found at the bottom of the list.

Click the Empty Selected button.

Click Exit on the Main menu to close the program.

 

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:

http://www.windowsnetworking.com/articles_...refetch-XP.html

 

5) Download Malwarebytes' Anti-Malware to your Desktop

http://www.besttechie.net/tools/mbam-setup.exe

 

* Double-click mbam-setup.exe and follow the prompts to install the program.

* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform FULL SCAN, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

* Please post the log from CFScript, the log from MBAM and a new HJT log.

 

How is your computer running now?

 

Thanks

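The helper asks for a fresh HijackThis log after each step so the before and after can be compared. The script below is an added example, not code from this thread or from HijackThis: it parses two HJT logs into their process list and their Rn/On findings, reports what disappeared or appeared between them, and checks whether any line still references a given path (here the ewido folder removed by the CFScript). The two log strings are excerpts of the 10/09 and 11/09 logs posted above, trimmed to the lines that differ plus a few that are the same.

```python
import re
from typing import Dict, List, Set

# Constructed sample input: excerpts of the HijackThis logs posted in this
# thread on 10/09 (before the CFScript run) and 11/09 (after), reduced to the
# lines that matter for the comparison.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53, on 10/09/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\KService\KService.exe

O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58, on 11/09/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\KService\KService.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
"""

# HijackThis prefixes every finding with a section code: R0-R3 for IE URL
# settings, O1-O24 for everything else (O4 = autostart entries, O23 = services).
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - ")


def parse_hjt(text: str) -> Dict[str, Set[str]]:
    """Split a HijackThis log into its running-process list and its Rn/On findings."""
    processes: Set[str] = set()
    entries: Set[str] = set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # the process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if ENTRY_RE.match(line):
            in_processes = False
            entries.add(line)
        elif in_processes:
            # Windows paths are case-insensitive and HJT mixes C:\ and c:\,
            # so normalise before comparing.
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}


def diff_hjt(before: str, after: str) -> Dict[str, Dict[str, List[str]]]:
    """Report which processes and findings disappeared or appeared between two logs."""
    old, new = parse_hjt(before), parse_hjt(after)
    result: Dict[str, Dict[str, List[str]]] = {}
    for key in ("processes", "entries"):
        result[key] = {
            "removed": sorted(old[key] - new[key]),
            "added": sorted(new[key] - old[key]),
        }
    return result


def references(text: str, fragment: str) -> List[str]:
    """Process and finding lines that still mention a path fragment (case-insensitive)."""
    parsed = parse_hjt(text)
    needle = fragment.lower()
    hits = [p for p in parsed["processes"] if needle in p]
    hits += [e for e in parsed["entries"] if needle in e.lower()]
    return sorted(hits)


if __name__ == "__main__":
    changes = diff_hjt(LOG_BEFORE, LOG_AFTER)
    for key, delta in changes.items():
        for line in delta["removed"]:
            print(f"- [{key}] {line}")
        for line in delta["added"]:
            print(f"+ [{key}] {line}")
    print("leftover ewido references:", references(LOG_AFTER, "ewido anti-spyware"))
```

Run against the two excerpts it lists the ewido guard process and its O23 service entry as removed, the McAfee mcvsshld.exe process as newly running, and no remaining reference to the ewido folder, which is exactly what a helper reading the 11/09 log is checking for by eye. Comparing sets rather than line positions means reordering of the process list between runs (visible in the logs above) does not show up as noise.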

After you copy/paste the information from the code box into Notepad, click on File, then Save As. Change the Save in box at the top to "Desktop" using the drop-down menu. Change the File Name to CFScript, then click on Save.

 

A Notepad file named CFScript is now on the Desktop; follow the rest of the directions.


My HJT Log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:58, on 11/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\KService\KService.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

C:\Program Files\Lexmark 5200 series\lxbtbmon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Tesco\Picture Suite\InsDetect.exe

C:\WINDOWS\kdx\KHost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Tesco Insert Detect] C:\Program Files\Tesco\Picture Suite\InsDetect.exe

O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 11591 bytes

 

 

My CF Log:

 

ComboFix 08-09-10.04 - HP_Owner 2008-09-11 21:40:02.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.162 [GMT 1:00]

Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt

* Created a new restore point

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\ewido anti-spyware 4.0

C:\Program Files\ewido anti-spyware 4.0\clsid.dat

C:\Program Files\ewido anti-spyware 4.0\context.dll

C:\Program Files\ewido anti-spyware 4.0\engine.dll

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\ewido anti-spyware 4.0\guard.sys

C:\Program Files\ewido anti-spyware 4.0\help.chm

C:\Program Files\ewido anti-spyware 4.0\heuristic.dat

C:\Program Files\ewido anti-spyware 4.0\logfile.txt

C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll

C:\Program Files\ewido anti-spyware 4.0\signatures\2000.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2001.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2002.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2003.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2004.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2005.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2006.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2007.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2008.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2009.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2010.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2011.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2012.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2013.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2014.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2015.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2016.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2017.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2018.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2019.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2020.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2021.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2022.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2023.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2024.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2025.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2026.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2027.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2028.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2029.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2030.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2031.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2032.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2033.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2034.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2035.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2036.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2037.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2038.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2039.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2040.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2041.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2042.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2043.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2044.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2045.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2046.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2047.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2048.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2049.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2050.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2051.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2052.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2053.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2054.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2055.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2056.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2057.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2058.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2059.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2060.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2061.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2062.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2063.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2064.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2065.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2066.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2067.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2068.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2069.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2070.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2071.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2072.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2073.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2074.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2075.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2076.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2077.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2078.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2079.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2080.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2081.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2082.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2083.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2084.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2085.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2086.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2087.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2088.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2089.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2090.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2091.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2092.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2093.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2094.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2095.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2096.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2097.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2098.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2099.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2100.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2101.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2102.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2103.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2104.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2105.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2106.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2107.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2108.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2109.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2110.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2111.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2112.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2113.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2114.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2115.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2116.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2117.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2118.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2119.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2120.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2121.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2122.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2123.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2124.dat

C:\Program Files\ewido anti-spyware 4.0\signatures\2125.dat

C:\Program Files\ewido anti-spyware 4.0\translations\czech.mo

C:\Program Files\ewido anti-spyware 4.0\translations\english.mo

C:\Program Files\ewido anti-spyware 4.0\translations\german.mo

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

 

.

((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))

.

 

2008-10-18 18:31 . 2008-09-05 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop

2008-09-07 23:56 . 2008-09-07 23:56 <DIR> d-------- C:\Program Files\Trend Micro

2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com

2008-09-07 21:36 . 2008-09-07 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-09-07 21:35 . 2008-09-07 21:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-09-06 18:58 . 2008-09-07 23:44 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-09-06 16:55 . 2008-09-11 21:49 9,089 --a------ C:\WINDOWS\system32\Config.MPF

2008-09-06 16:54 . 2008-09-06 16:54 <DIR> d-------- C:\Program Files\SiteAdvisor

2008-09-06 16:54 . 2008-09-06 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2008-09-06 16:50 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2008-09-06 16:50 . 2008-06-27 06:08 79,240 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-09-06 16:50 . 2008-06-27 06:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2008-09-06 16:50 . 2008-06-27 06:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-09-06 16:49 . 2008-09-06 16:50 <DIR> d-------- C:\Program Files\Common Files\McAfee

2008-09-06 16:48 . 2008-09-06 16:49 <DIR> d-------- C:\Program Files\McAfee.com

2008-09-06 16:48 . 2008-09-11 21:30 <DIR> d-------- C:\Program Files\McAfee

2008-09-06 16:47 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2008-09-06 15:50 . 2008-09-06 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-09-06 12:01 . 2008-09-06 12:11 <DIR> d-------- C:\Program Files\RegCure

2008-09-05 18:01 . 2008-09-06 16:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center

2008-09-05 00:07 . 2008-09-05 00:07 <DIR> d-------- C:\Program Files\Windows Defender

2008-09-04 22:47 . 2008-09-06 11:55 <DIR> d-------- C:\Program Files\MSA

2008-08-24 20:24 . 2008-08-24 20:24 <DIR> d-------- C:\Program Files\TomTom HOME 2

2008-08-24 20:24 . 2008-08-24 20:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\TomTom

2008-08-23 21:28 . 2008-08-23 21:28 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-08-23 21:28 . 2008-08-23 21:28 <DIR> d-------- C:\WINDOWS\l2schemas

2008-08-23 21:26 . 2008-08-23 21:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-23 21:18 . 2008-08-23 21:18 <DIR> d-------- C:\WINDOWS\EHome

2008-08-23 08:47 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2008-08-13 18:58 . 2008-08-13 18:58 <DIR> d-------- C:\Program Files\Sun

2008-08-13 18:29 . 2008-04-11 20:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-08 21:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-09-08 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-09-07 22:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-09-06 19:20 --------- d-----w C:\Program Files\PCPitstop

2008-09-06 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-23 22:55 --------- d-----w C:\Program Files\MSN Messenger

2008-08-13 17:58 --------- d-----w C:\Program Files\Java

2008-08-02 19:55 --------- d-----w C:\Program Files\Sports Interactive

2006-01-03 18:31 478 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-10_19.50.36.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-10 17:46:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-09-11 18:43:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-09-10 17:46:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-09-11 18:43:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-09-10 17:46:54 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-11 18:43:36 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856]

"Tesco Insert Detect"="C:\Program Files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]

"kdx"="C:\WINDOWS\kdx\KHost.exe" [2007-05-11 2236416]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]

"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 180269]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-13 339968]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 90112]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 663552]

"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]

"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 143360]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]

"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-04-07 C:\WINDOWS\SOUNDMAN.EXE]

"AlcWzrd"="ALCWZRD.EXE" [2005-04-07 C:\WINDOWS\ALCWZRD.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\kdx\\KHost.exe"=

"C:\\Program Files\\KService\\KService.exe"=

"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

 

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-08-18 211232]

S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [ ]

.

Contents of the 'Scheduled Tasks' folder

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-11 21:47:55

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\KService\KService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe

.

**************************************************************************

.

Completion time: 2008-09-11 21:54:26 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-11 20:54:17

ComboFix2.txt 2008-09-10 18:51:21

 

Pre-Run: 169,741,893,632 bytes free

Post-Run: 169,836,662,784 bytes free

 

315 --- E O F --- 2008-09-10 17:52:27

 

 

My MBAM Log:

 

Malwarebytes' Anti-Malware 1.28

Database version: 1141

Windows 5.1.2600 Service Pack 3

 

11/09/2008 22:57:00

mbam-log-2008-09-11 (22-57-00).txt

 

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 163441

Time elapsed: 51 minute(s), 29 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 10

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\gksraemq.btga (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection (Rogue.TrustedProtection) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\Logs (Rogue.TrustedProtection) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor\Logs (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\avtasks.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\Logs\av.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\Logs\ga6Support.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Application Data\TrustedProtection\Logs\update.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Application Data\winpcdoctor\Logs\update.log (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Owner\Desktop\MS Antivirus.lnk (Rogue.Link) -> Quarantined and deleted successfully.

 

PC seems to be running fine


Thanks for returning your information and the feedback.

 

Remove combofix from the computer like this:

 

Click START then RUN

Now type or copy Combofix /u in the runbox and click OK.

Note the space between the X and the U; it needs to be there.

 


 

To be sure, clean the System Restore files like this:

 

Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

 

Reboot

 

Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

 

Run MBAM again to make sure we got all of the junk, no need to post a clean scan result.

 

Update McAfee and scan the system to make sure it is running right and scanning clean. If you have any problems with the program, contact tech support for instructions.

http://www.mcafee.com/us/support/

 

Let me have a report on how the computer is performing at this point.

 

Some good information for you:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx

 

Here is some great information from experts in this field that will help you stay clean and safe online.

http://users.telenet.be/bluepatchy/miekiem...prevention.html

http://forums.spybot.info/showthread.php?t=279

http://russelltexas.com/malware/allclear.htm

http://forum.malwareremoval.com/viewtopic.php?t=14

http://www.bleepingcomputer.com/forums/topict2520.html

http://cybercoyote.org/security/not-admin.shtml

 

http://www.malwarecomplaints.info/

 

Thanks...pskelley

http://pcpitstop.com/about/supportus.asp

If you are reading this information...thank a teacher,

If you are reading it in English...thank a soldier.

 

http://users.telenet.be/bluepatchy/miekiemoes/Links.html


Both scans revealed no problems, but the McAfee scan took about three hours compared to the usual one hour (approx.).

Overall the PC is running a little slow but with no apparent viruses/adware/spyware.


Thanks for the feedback, have a look at this link I posted:

http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

and this information:

http://www.netsquirrel.com/msconfig/msconfig_xp.html

http://www.malwareremoval.com/tutorials/runningslowly.php

 

I also suggest, if you have not done so recently, you run a free diagnostic here:

Click here: http://www.pcpitstop.com/

Click: Free PC Health Scan - Overdrive

Click: battery of tests

Click: 4. OK, I Want to Run the Tests!

First time? Click New Members; I suggest you register free (they store tests).

Then follow the prompts. Once the test is complete, read the information provided under all tabs.

If you have questions, post them here: http://forums.pcpitstop.com/index.php?showforum=6

 

Thanks
